blueprint-sync-ids

Pass

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill extracts titles and descriptions from documentation files to create GitHub issues and generate reports. This creates an attack surface where a malicious document could influence agent behavior or attempt command injection if the agent does not properly sanitize extracted strings.
  • Ingestion points: Markdown files in docs/prds/, docs/adrs/, docs/prps/, and docs/blueprint/work-orders/.
  • Boundary markers: Absent; document content is interpolated directly into prompts and commands.
  • Capability inventory: Bash (executing gh CLI and jq), Write, Edit, and AskUserQuestion.
  • Sanitization: No explicit sanitization of document content is implemented.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 19, 2026, 01:42 AM